11-24-2008 6:08 AM
Hi,
Can someone please assist me. We are working on BI7, and I have created my restriction objects for the roles in RSECADMIN. I'm now trying to find a list of objects (and roles) that have 0CO_AREA as a restriction field. Can someone advise on how I would go about finding the report.
Thanks
Edited by: Pumza Mtshingila on Nov 24, 2008 10:08 AM
11-24-2008 8:50 AM
Hi Pumza
In RSECADMIN you do not build restriction objects but restriction object fields
These fields can only be authorized in Authorization object S_RS_AUTH
You can find them via the normal SUIM tooling in the PFCG-roles:
transaction S_BCE_68001423: Object values in Roles, filter on object S_RS_AUTH
Kind regards,
Lodewijk
11-24-2008 8:50 AM
Hi Pumza
In RSECADMIN you do not build restriction objects but restriction object fields
These fields can only be authorized in Authorization object S_RS_AUTH
You can find them via the normal SUIM tooling in the PFCG-roles:
transaction S_BCE_68001423: Object values in Roles, filter on object S_RS_AUTH
Kind regards,
Lodewijk
11-25-2008 6:35 AM
Hi Lodewijk,
Thanks for your response, however it's the authorisation restriction values in the actual object fields I am looking for and not the actual object.
From SUIM I can only find the object name under S_RS_AUTH.
In this case under S_RS_AUTH I have a restriction to BPS_150020 and the details of the field values for this are defined in RSECADMIN (e.g. BPS_150020 has InfoProvider field, InfoObject)
To put it simply, I am looking for roles that allow access to controlling area 1000, which is specified in 0CO_AREA field for different object authorisation fields in RSECADMIN.
Thanks
11-25-2008 9:55 AM
Hi Pumza,
I have to correct myself: the Analysis Authorization you build in RSECADMIN is not represented in PFCG as an object field (this is BIAUTH) but as an object field value, so if you run transaction S_BCE_68001423: Object values in Roles, filter on object S_RS_AUTH and field BIAUTH: you are able to report on the analysis authorizations.
If you have chosen a meaningful naming convention you would be able to report here your Controlling Area 1000 value.
If not you can have a look at the following tables (with SE16) in which you have direct view of the Analysis Authorizations:
RSECTXT Analysis Authorizations: Texts
RSECVAL Analysis Authorizations: Value Authorizations
RSECHIE Analysis Authorizations: Hierarchy Authorizations
RSECUSERAUTH Analysis Authorizations: Direct User Assignment (without PFCG)
You can also consider to build reports on the Technical Content Infoproviders 0TCA_VAL, 0TCA_HIE & 0TCA_UA,
[see this document, page 21 & 22|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/ded59342-0a01-0010-da92-f6b72d98f144]
KR,
Lodewijk
11-26-2008 6:45 AM
Hi Lodewijk,
Thank you so much for your assistance. I found the information I needed in the RSECVAL table.
Much appreciated.
Regards,
Pumza